NTP Amplification DDoS Attack on CloudFlare

CloudFlare disclosed the information for the largest DDoS attack that exploited vulnerability in NTP protocol. The report estimates the DDoS attack to be 400 Gb/s. This is a new threat that target network time protocol on port 123 that is normally used to synchronize time servers.

February 10, 2014 1298 NTP servers on different networks were involved in the cyber attack without owner knowledge. Each of these servers at peak hour generated 87 Mbit/s of traffic to particular victims on internet. Cloudflare admits that the attacker controls so many bots that are using vulnerable NTP servers and it is just required from attacker to send server network requests.

The map shows the location of the NTP servers who participated in DDoS-attack on February 10.